diff --git a/library/x509.c b/library/x509.c
index ba8d71960..2764ba600 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -855,12 +855,16 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn)
 }
 c = name->val.p[i];
- // Special characters requiring escaping, RFC 1779
- if (c && strchr(",=+<>#;\"\\", c)) {
- if (j + 1 >= sizeof(s) - 1) {
- return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
+ // Special characters requiring escaping, RFC 4514 Section 2.4
+ if (c) {
+ if (strchr(",=+<>;\"\\+", c) ||
+ ((i == 0) && strchr("# ", c)) ||
+ ((i == name->val.len-1 ) && (c == ' '))) {
+ if (j + 1 >= sizeof(s) - 1) {
+ return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
+ }
+ s[j++] = '\\';
 }
- s[j++] = '\\';
 }
 if (c < 32 || c >= 127) {
 s[j] = '?';
diff --git a/library/x509_create.c b/library/x509_create.c
index bd772d3ac..170a6bc29 100644
--- a/library/x509_create.c
+++ b/library/x509_create.c
@@ -153,8 +153,8 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam
 if (!in_tag && *c == '\\' && c != end) {
 c++;
- /* Check for valid escaped characters */
- if (c == end || *c != ',') {
+ /* Check for valid escaped characters in RFC 4514 in Section 3*/
+ if (c == end || !strchr(" ,=+<>#;\"\\+", *c)) {
 ret = MBEDTLS_ERR_X509_INVALID_NAME;
 goto exit;
 }
diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data
index 084855019..e50f590db 100644
--- a/tests/suites/test_suite_x509write.data
+++ b/tests/suites/test_suite_x509write.data
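Review bot: The new escape set `",=+<>;\"\\+"` in mbedtls_x509_dn_gets lists `+` twice, and `name->val.len-1 )` carries a stray space; neither changes behaviour, but a duplicated entry in a security-relevant character list makes a reader wonder whether a different character was meant. I would tidy the condition to `if (strchr(",=+<>;\"\\", c) ||` / `(i == 0 && strchr("# ", c)) ||` / `(i == name->val.len - 1 && c == ' ')) {`. The comment could also note that RFC 4514 Section 2.4 only recommends escaping `=`, and that it is kept in the set to preserve the previous output format. The enclosing function starts and ends outside the hunk.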
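Review bot: In the new accept check in mbedtls_x509_string_to_names, `strchr(" ,=+<>#;\"\\+", *c)` also matches when `*c` is `'\0'`, because strchr() finds the terminator, so a backslash followed by a NUL byte positioned before `end` would be accepted instead of rejected; whether that is reachable depends on how `end` is derived, which is outside the hunk, but the guard is free: `if (c == end || *c == '\0' || !strchr(" ,=+<>#;\"\\", *c)) {` (this also drops the duplicated `+`). The comment is missing a space before `*/` and would be more useful if it said what is deliberately not supported, e.g. `/* Only the RFC 4514 Section 3 special characters may be escaped; \XX hex pairs are rejected */`. The enclosing function continues outside the hunk.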
@@ -184,8 +184,17 @@ mbedtls_x509_string_to_names:"C=NL, O=Offspark\\a Inc., OU=PolarSSL":"":MBEDTLS_
 X509 String to Names #6 (Escape at end)
 mbedtls_x509_string_to_names:"C=NL, O=Offspark\\":"":MBEDTLS_ERR_X509_INVALID_NAME
-X509 String to Names #6 (Invalid, no '=' or ',')
+X509 String to Names #7 (Invalid, no '=' or ',')
 mbedtls_x509_string_to_names:"ABC123":"":MBEDTLS_ERR_X509_INVALID_NAME
+X509 String to Names #8 (Escape valid characters)
+mbedtls_x509_string_to_names:"C=NL, O=Offspark\\+ \\> \\=, OU=PolarSSL":"C=NL, O=Offspark\\+ \\> \\=, OU=PolarSSL":0
+
+X509 String to Names #9 (Escape '#' at beginning of string)
+mbedtls_x509_string_to_names:"C=NL, O=#Offspark#, OU=PolarSSL":"C=NL, O=\\#Offspark#, OU=PolarSSL":0
+
+X509 String to Names #10 (Escape ' ' at beginning and end of string)
+mbedtls_x509_string_to_names:"C=NL, O= Off spark , OU=PolarSSL":"C=NL, O=\\ Off spark\\ , OU=PolarSSL":0
+
 Check max serial length
 x509_set_serial_check:
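Review bot: The new cases #8 to #10 pin the escapes that are now accepted, but no case pins that an RFC 4514 Section 3 hex-pair escape (`\XX`) is still rejected, which is what the x509_create.c hunk in this same diff appears to do since only single special characters are in its accept list. A case such as `X509 String to Names #11 (Hex pair escape rejected)` / `mbedtls_x509_string_to_names:"C=NL, O=Offspark\\41, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME` would document that limit and catch an accidental relaxation later. Case #9 already covers the other direction, a `#` that is not at the start staying unescaped.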